Example 16 with RedirectView
use of org.springframework.web.servlet.view.RedirectView in project cas by apereo.
the class OAuth20AuthorizeControllerTests method verifyCodeRedirectToClientWithState.
@Test
public void verifyCodeRedirectToClientWithState() throws Exception {
clearAllServices();
final MockHttpServletRequest mockRequest = new MockHttpServletRequest(GET, CONTEXT + OAuthConstants.AUTHORIZE_URL);
mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
mockRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
mockRequest.setParameter(OAuthConstants.RESPONSE_TYPE, OAuth20ResponseTypes.CODE.name().toLowerCase());
mockRequest.setServerName(CAS_SERVER);
mockRequest.setServerPort(CAS_PORT);
mockRequest.setScheme(CAS_SCHEME);
mockRequest.setParameter(OAuthConstants.STATE, STATE);
final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
final OAuthRegisteredService service = getRegisteredService(REDIRECT_URI, SERVICE_NAME);
service.setBypassApprovalPrompt(true);
oAuth20AuthorizeEndpointController.getServicesManager().save(service);
final CasProfile profile = new CasProfile();
profile.setId(ID);
final Map<String, Object> attributes = new HashMap<>();
attributes.put(FIRST_NAME_ATTRIBUTE, FIRST_NAME);
attributes.put(LAST_NAME_ATTRIBUTE, LAST_NAME);
profile.addAttributes(attributes);
final MockHttpSession session = new MockHttpSession();
mockRequest.setSession(session);
session.putValue(Pac4jConstants.USER_PROFILES, profile);
final ModelAndView modelAndView = oAuth20AuthorizeEndpointController.handleRequestInternal(mockRequest, mockResponse);
final View view = modelAndView.getView();
assertTrue(view instanceof RedirectView);
final RedirectView redirectView = (RedirectView) view;
final String redirectUrl = redirectView.getUrl();
assertTrue(redirectUrl.startsWith(REDIRECT_URI + "?code=OC-"));
final String code = StringUtils.substringBefore(StringUtils.substringAfter(redirectUrl, "?code="), "&state=");
final OAuthCode oAuthCode = (OAuthCode) oAuth20AuthorizeEndpointController.getTicketRegistry().getTicket(code);
assertNotNull(oAuthCode);
final Principal principal = oAuthCode.getAuthentication().getPrincipal();
assertEquals(ID, principal.getId());
final Map<String, Object> principalAttributes = principal.getAttributes();
assertEquals(attributes.size(), principalAttributes.size());
assertEquals(FIRST_NAME, principalAttributes.get(FIRST_NAME_ATTRIBUTE));
}
Also used :
CasProfile(org.pac4j.cas.profile.CasProfile)
HashMap(java.util.HashMap)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
OAuthRegisteredService(org.apereo.cas.support.oauth.services.OAuthRegisteredService)
ModelAndView(org.springframework.web.servlet.ModelAndView)
OAuthCode(org.apereo.cas.ticket.code.OAuthCode)
RedirectView(org.springframework.web.servlet.view.RedirectView)
ModelAndView(org.springframework.web.servlet.ModelAndView)
View(org.springframework.web.servlet.View)
RedirectView(org.springframework.web.servlet.view.RedirectView)
MockHttpSession(org.springframework.mock.web.MockHttpSession)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Principal(org.apereo.cas.authentication.principal.Principal)
Test(org.junit.Test)
Example 17 with RedirectView
use of org.springframework.web.servlet.view.RedirectView in project cas by apereo.
the class OAuth20AuthorizeControllerTests method verifyTokenRedirectToClientWithState.
@Test
public void verifyTokenRedirectToClientWithState() throws Exception {
clearAllServices();
final MockHttpServletRequest mockRequest = new MockHttpServletRequest(GET, CONTEXT + OAuthConstants.AUTHORIZE_URL);
mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
mockRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
mockRequest.setParameter(OAuthConstants.RESPONSE_TYPE, OAuth20ResponseTypes.TOKEN.name().toLowerCase());
mockRequest.setServerName(CAS_SERVER);
mockRequest.setServerPort(CAS_PORT);
mockRequest.setScheme(CAS_SCHEME);
mockRequest.setParameter(OAuthConstants.STATE, STATE);
final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
final OAuthRegisteredService service = getRegisteredService(REDIRECT_URI, SERVICE_NAME);
service.setBypassApprovalPrompt(true);
oAuth20AuthorizeEndpointController.getServicesManager().save(service);
final CasProfile profile = new CasProfile();
profile.setId(ID);
final Map<String, Object> attributes = new HashMap<>();
attributes.put(FIRST_NAME_ATTRIBUTE, FIRST_NAME);
attributes.put(LAST_NAME_ATTRIBUTE, LAST_NAME);
profile.addAttributes(attributes);
final MockHttpSession session = new MockHttpSession();
mockRequest.setSession(session);
session.putValue(Pac4jConstants.USER_PROFILES, profile);
final ModelAndView modelAndView = oAuth20AuthorizeEndpointController.handleRequestInternal(mockRequest, mockResponse);
final View view = modelAndView.getView();
assertTrue(view instanceof RedirectView);
final RedirectView redirectView = (RedirectView) view;
final String redirectUrl = redirectView.getUrl();
assertTrue(redirectUrl.startsWith(REDIRECT_URI + "#access_token="));
assertTrue(redirectUrl.contains('&' + OAuthConstants.STATE + '=' + STATE));
final String code = StringUtils.substringBetween(redirectUrl, "#access_token=", "&token_type=bearer");
final AccessToken accessToken = (AccessToken) oAuth20AuthorizeEndpointController.getTicketRegistry().getTicket(code);
assertNotNull(accessToken);
final Principal principal = accessToken.getAuthentication().getPrincipal();
assertEquals(ID, principal.getId());
final Map<String, Object> principalAttributes = principal.getAttributes();
assertEquals(attributes.size(), principalAttributes.size());
assertEquals(FIRST_NAME, principalAttributes.get(FIRST_NAME_ATTRIBUTE));
}
Also used :
CasProfile(org.pac4j.cas.profile.CasProfile)
HashMap(java.util.HashMap)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
OAuthRegisteredService(org.apereo.cas.support.oauth.services.OAuthRegisteredService)
ModelAndView(org.springframework.web.servlet.ModelAndView)
RedirectView(org.springframework.web.servlet.view.RedirectView)
ModelAndView(org.springframework.web.servlet.ModelAndView)
View(org.springframework.web.servlet.View)
AccessToken(org.apereo.cas.ticket.accesstoken.AccessToken)
RedirectView(org.springframework.web.servlet.view.RedirectView)
MockHttpSession(org.springframework.mock.web.MockHttpSession)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Principal(org.apereo.cas.authentication.principal.Principal)
Test(org.junit.Test)
Example 18 with RedirectView
use of org.springframework.web.servlet.view.RedirectView in project cas by apereo.
the class OAuth20AuthorizeControllerTests method verifyCodeRedirectToClientApproved.
@Test
public void verifyCodeRedirectToClientApproved() throws Exception {
clearAllServices();
final MockHttpServletRequest mockRequest = new MockHttpServletRequest(GET, CONTEXT + OAuthConstants.AUTHORIZE_URL);
mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
mockRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
mockRequest.setParameter(OAuthConstants.RESPONSE_TYPE, OAuth20ResponseTypes.CODE.name().toLowerCase());
mockRequest.setServerName(CAS_SERVER);
mockRequest.setServerPort(CAS_PORT);
mockRequest.setScheme(CAS_SCHEME);
mockRequest.setParameter(OAuthConstants.BYPASS_APPROVAL_PROMPT, "true");
final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
final OAuthRegisteredService service = getRegisteredService(REDIRECT_URI, SERVICE_NAME);
service.setBypassApprovalPrompt(false);
oAuth20AuthorizeEndpointController.getServicesManager().save(service);
final CasProfile profile = new CasProfile();
profile.setId(ID);
final Map<String, Object> attributes = new HashMap<>();
attributes.put(FIRST_NAME_ATTRIBUTE, FIRST_NAME);
attributes.put(LAST_NAME_ATTRIBUTE, LAST_NAME);
profile.addAttributes(attributes);
final MockHttpSession session = new MockHttpSession();
mockRequest.setSession(session);
session.putValue(Pac4jConstants.USER_PROFILES, profile);
final ModelAndView modelAndView = oAuth20AuthorizeEndpointController.handleRequestInternal(mockRequest, mockResponse);
final View view = modelAndView.getView();
assertTrue(view instanceof RedirectView);
final RedirectView redirectView = (RedirectView) view;
final String redirectUrl = redirectView.getUrl();
assertTrue(redirectUrl.startsWith(REDIRECT_URI + "?code=OC-"));
final String code = StringUtils.substringAfter(redirectUrl, "?code=");
final OAuthCode oAuthCode = (OAuthCode) oAuth20AuthorizeEndpointController.getTicketRegistry().getTicket(code);
assertNotNull(oAuthCode);
final Principal principal = oAuthCode.getAuthentication().getPrincipal();
assertEquals(ID, principal.getId());
final Map<String, Object> principalAttributes = principal.getAttributes();
assertEquals(attributes.size(), principalAttributes.size());
assertEquals(FIRST_NAME, principalAttributes.get(FIRST_NAME_ATTRIBUTE));
}
Also used :
CasProfile(org.pac4j.cas.profile.CasProfile)
HashMap(java.util.HashMap)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
OAuthRegisteredService(org.apereo.cas.support.oauth.services.OAuthRegisteredService)
ModelAndView(org.springframework.web.servlet.ModelAndView)
OAuthCode(org.apereo.cas.ticket.code.OAuthCode)
RedirectView(org.springframework.web.servlet.view.RedirectView)
ModelAndView(org.springframework.web.servlet.ModelAndView)
View(org.springframework.web.servlet.View)
RedirectView(org.springframework.web.servlet.view.RedirectView)
MockHttpSession(org.springframework.mock.web.MockHttpSession)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Principal(org.apereo.cas.authentication.principal.Principal)
Test(org.junit.Test)
Example 19 with RedirectView
use of org.springframework.web.servlet.view.RedirectView in project cas by apereo.
the class CasManagementRootController method handleRequestInternal.
@Override
protected ModelAndView handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response) throws Exception {
final String url = request.getContextPath() + "/manage.html";
LOGGER.debug("Initial url is [{}]", url);
final String encodedUrl = response.encodeURL(url);
LOGGER.debug("Encoded url is [{}]", encodedUrl);
return new ModelAndView(new RedirectView(encodedUrl));
}
Also used :
ModelAndView(org.springframework.web.servlet.ModelAndView)
RedirectView(org.springframework.web.servlet.view.RedirectView)
Example 20 with RedirectView
use of org.springframework.web.servlet.view.RedirectView in project cas by apereo.
the class CasManagementSecurityInterceptor method postHandle.
@Override
public void postHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler, final ModelAndView modelAndView) throws Exception {
if (!StringUtils.isEmpty(request.getQueryString()) && request.getQueryString().contains(CasProtocolConstants.PARAMETER_TICKET)) {
final RedirectView v = new RedirectView(request.getRequestURL().toString());
v.setExposeModelAttributes(false);
v.setExposePathVariables(false);
modelAndView.setView(v);
}
}
Also used :
RedirectView(org.springframework.web.servlet.view.RedirectView)
Aggregations
RedirectView (org.springframework.web.servlet.view.RedirectView)79
ModelAndView (org.springframework.web.servlet.ModelAndView)68
Test (org.junit.Test)34
HashMap (java.util.HashMap)18
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)17
View (org.springframework.web.servlet.View)16
Authentication (org.springframework.security.core.Authentication)14
AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)13
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)9
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)8
TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)8
DefaultUserApprovalHandler (org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler)8
ServletException (javax.servlet.ServletException)7
RequestInfoForm (org.orcid.pojo.ajaxForm.RequestInfoForm)7
DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)7
TokenGranter (org.springframework.security.oauth2.provider.TokenGranter)7
Principal (org.apereo.cas.authentication.principal.Principal)6
OAuthRegisteredService (org.apereo.cas.support.oauth.services.OAuthRegisteredService)6
CasProfile (org.pac4j.cas.profile.CasProfile)6
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)6
